USG60 - check SSL inspection ports

I'm trying to see which SSL ports our USG60 is checking. I've logged in with Putty and run the command show utm-manager ssl-inspection defaultport but it returns: 
% (after 'utm-manager'): Parse error
retval = -1
ERROR: Parse error/command not found!

Other commands I run such as show utm-manager content-filter defaultport return the results fine. 

All Replies

  • Zyxel_StanleyZyxel_Stanley Zyxel Official Agent Posts: 717  mod

    Hi @ACN

    SSL inspection function is only support on USG110/210/310/1100/1900/2200.

    USG20-VPN/40/60 series doesn’t support SSL inspection, so there is no this command.

  • ACNACN Member Posts: 3
    Ah, thanks. My reason for asking is I'm trying to diagnose why our anti-virus does not seem to be working. It is letting me download the eicar.com test virus file instead of dealing with it. 
  • Zyxel_StanleyZyxel_Stanley Zyxel Official Agent Posts: 717  mod

    Hi @ACN  

    If SSL inspection is disabled, it can only scan the non-encrypt data.

    You can make sure the download link is working on HTTP and without encrypted data.

    For test eicar, you can put the test file on your FTP server or HTTP server to exclude encrypted part.

  • ACNACN Member Posts: 3
    So the antivirus licenses we have purchased are useless without encrypted scanning, at least I know not to purchase them again. 
  • Zyxel_StanleyZyxel_Stanley Zyxel Official Agent Posts: 717  mod

    Hi @ACN

    The Anti-Virus function on USG60 can still work on HTTP, FTP, SMTP, POP3, file sharing..etc.

    If you would like to scan encrypted traffic, then SSL inspection will be required.

    The SSL inspection function is supported on USG110/210/310/1100/1900/2200.

Sign In to comment.